Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Welcome to LinuxQuestions.org, a friendly and active Linux Community.

You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!

Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.

If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.

Having a problem logging in? Please visit this page to clear all LQ-related cookies.

Introduction to Linux - A Hands on Guide

This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.

I just have a quick question about the behaviour of dd with encryption.

After creating a regular filesystem inside an encrypted partition, can I use dd to safely copy the contents of a drive image into that partition such that it will be encrypted?

What I assume is, so long as I copy into the mounted, decrypted partition, the copy should pass through the encryption layer and thus be encrypted as it is stored to disk, but for some reason I've got this lingering doubt.

Can anyone confirm that this is a reasonable approach?

(Background info: I'm building an image of a root drive to copy onto a small, slow, portable computer, hence the full drive encryption and the desire to build the OS on a different machine.)

dd copies an area of the hard disk, bit by bit. It does not care whether that data is encrypted.

I don't know what an "encrypted partition" is but, if you setup any partition, and then use dd to copy to it, it simply copies all the bits into the start of the partition. The result is determined by what was in the source.

I just did a quick experiment. I created and formatted a small partition (sda3) and copied a file to it normally. I then copied another file using dd:

dd if=filename of=/dev/sda3

The second file is not visible using normal commands. Using dd, it is visible at the very beginning of the partition---before any filesystem stuff. If it had been a larger file, it would have damaged the filesystem structures and the first file would disappear.

thanks for your test. I don't think I adequately explained the process I'm intending to use.

Rather than dd directly onto /dev/sda2, I would be creating an encrypted volume on sda2. Ie:

cryptsetup -s 256 -y luksFormat /dev/sda2

cryptsetup luksOpen /dev/sda2 cryptroot

So what I've done is create an encrypted partition on /dev/sda2, and opened it so its now accessible at /dev/mapper/cryptroot

Accessing /dev/mapper/cryptroot I can now create a filesystem on that device which is correctly formatted as (say) ext2 so I can then mount /dev/mapper/cryptroot on / providing my initrd opens the encrypted partition.

----

With that out of the way, I suppose the command I'd be attempting would be more like dd if=img.img of=/dev/mapper/cryptroot

And, if img.img contains an ext2 formatted partition I should be able to access it as I would a manually created partition, and the contents when written via dd will still get encrypted.

But as you said, dd is very low-level, so, newbie that I am, I was hoping someone with experience with encryption could confirm whether this will behave the way I've described.

It is not clear what the 'dd' approach would yield but you can try it using a large text file.

That's a good idea- even writing a smallish textfile into the partition then copying the contents of the actual device back and searching through for the contents of the text file should answer my question.